Three steps for digital signage network security

September 14, 2017

[1]By Samantha BraultSecurity has been a hot topic lately in the world of digital signage. With hackers taking screens captive around the world, even if only to display unauthorized content for a minute, it is important to ensure an ironclad security plan is in place for all digital signage networks.

Physical securityAs most screens are located in public areas, it does not take a high-level hacker to change the content on them; someone can simply walk right up, unplug the media player and replace it with their own. So, the first step in digital signage network security is to restrict physical access to the hardware.

Screens must be securely fastened into position, such that all attachments—e.g. screws and bolts—are difficult to access and remove and all ports are protected. Media players should be locked within break-resistant enclosures and, wherever possible, kept out of public sight.

OS securityWithout physical access to screens, hackers may instead look for a virtual backdoor to the system. This is why it is important to limit access to the network’s OS.

The goal of locking down the OS is to only allow those services and applications that the media player needs to run, so there will be fewer targets for hackers to attack. Minimizing services will also help increase the performance of the player and reduce the need for software maintenance over time.

In addition to disabling all unnecessary services, the network manager should install a firewall to block unwanted traffic and work with software that does not require inbound ports. Security software updates will need to be implemented on an ongoing basis.

Application securityThe software applications that manage digital signage content playback and reporting add another layer to the network that must be secured, as data can otherwise be intercepted as it travels. There is particular risk with third-party applications, so it is crucial to select partners that also hold security to the highest standards.

Insecure protocols, such as Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP), should never be used for handling critical information. Instead, data should be secured by only working with applications that carry Secure Sockets Layer (SSL) certification.

Even better is to select applications that add their own layer of encryption for all data. Then, in the event of an interception, the stolen data would be unusable.

Samantha Brault is a communications and digital content specialist for BroadSign International, a Montreal-based digital signage software developer. For more information, contact her via e-mail at samantha.brault@broadsign.com[2].